VMware
 

Knowledge Base

Security Response to CAN-2004-0885: Audit Warns of Possible mod_proxy Vulnerability

Details

A security software audit warns that an ESX Server machine may have the security vulnerability described at:

cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885.

How can I protect the server? Does VMware have a fix for this?

Solution

This vulnerability is exploitable if mod_proxy is in use. Because the management interface does not use this proxy (it is not enabled in httpd.conf), ESX Server 2.x is not exposed to this vulnerability. VMware recommends that you do not enable mod_proxy on an ESX Server machine.
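The statement above depends on mod_proxy not being enabled in httpd.conf. One way to confirm that for a given configuration file is sketched below; this is an added example, not VMware's tooling, and the function names, module paths and sample excerpts are constructed for illustration.

```shell
# Added example: find active mod_proxy configuration in an Apache httpd.conf.
# Limits: included files are not followed, and a statically compiled mod_proxy
# needs no LoadModule line (`httpd -l` lists compiled-in modules).

# Print "LINENO: text" for each uncommented line that loads a proxy module
# or uses a proxy directive. Directive names are matched case-insensitively.
proxy_lines() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); l = tolower(line) }
        l ~ /^#/ || l == "" { next }
        l ~ /^loadmodule[ \t]+proxy_([a-z]+_)?module/ ||
        l ~ /^addmodule[ \t]+mod_proxy\.c/ ||
        l ~ /^proxyrequests[ \t]+on/ ||
        l ~ /^proxypass(reverse|match)?[ \t]/ { printf "%d: %s\n", NR, line }
    ' "$1"
}

# Exit status 0 if proxy configuration is active, 1 if none was found.
mod_proxy_enabled() {
    [ -n "$(proxy_lines "$1")" ]
}

# Constructed httpd.conf excerpt (not taken from an ESX Server machine):
# every proxy line is commented out, as the article describes.
sample_disabled() {
    cat <<'EOF'
LoadModule ssl_module modules/libssl.so
#LoadModule proxy_module modules/libproxy.so
  # ProxyPass /mirror/ http://example.invalid/
EOF
}

# Constructed excerpt with the module loaded and a forward proxy turned on.
sample_enabled() {
    cat <<'EOF'
LoadModule ssl_module modules/libssl.so
loadmodule proxy_module modules/libproxy.so
<IfModule mod_proxy.c>
    ProxyRequests On
</IfModule>
EOF
}

# With a path argument (site-specific), audit that file.
if [ $# -gt 0 ]; then
    [ -r "$1" ] || { echo "cannot read $1" >&2; exit 2; }
    if mod_proxy_enabled "$1"; then proxy_lines "$1"
    else echo "no active mod_proxy configuration in $1"; fi
fi
```

An unreadable file is reported as an error rather than as "no proxy configuration", so a wrong path cannot be mistaken for a clean result.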

ESX Server 2.5 updates the mod_ssl library to Version 2.8.20 so that CAN-2004-0885 should not be identified as a vulnerability by a standard security scan. VMware also provides the same update to mod_ssl for ESX 2.1.x, 2.0.x and 1.5.2 in the following security updates:
